QA Report #269
Labels
bug
Something isn't working
QA (Quality Assurance)
Assets are not at risk. State handling, function incorrect as to spec, issues with clarity, syntax
Comments
code423n4
added
bug
code is missing natspec and in general commentsValid NC Reentrancy informationCode is non CEI conformant, valid Low |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
code is missing natspec and in general comments
This problem may lead into problems with readability and maintainability, also may lead into unexpected behaviours.
Reference: https://secureum.substack.com/p/security-pitfalls-and-best-practices-201?s=r
Keypoint 154: Comments
Example: https://github.com/code-423n4/2022-05-vetoken/blob/main/contracts/VE3DRewardPool.sol#L122-L132
Recommendations: Add the return types and other key aspects on the code and expected behaviours like what is supposed to do the function. Follow general guidelines for well written code like the ones from Secureum.
Reentrancy information
Reentrancy that uses transfer and transferFrom gast cost as protection may lead into problems in case gast cost changes, as can be minting more
Start of the call: https://github.com/code-423n4/2022-05-vetoken/blob/main/contracts/VeAssetDepositor.sol#L114
External call: https://github.com/code-423n4/2022-05-vetoken/blob/main/contracts/VeAssetDepositor.sol#L90
Detection: slither
The text was updated successfully, but these errors were encountered: